Essentially all data mining algorithms assume that the data-generating process is 
independent of the data miner's activities. However, in many domains, including spam 
detection, intrusion detection, fraud detection, surveillance and counter-terrorism, this is far 
from the case: the data is actively manipulated by an adversary seeking to make the 
classifier produce false negatives. In these domains, the performance of a classifier can 
degrade rapidly after it is deployed, as the adversary learns ... 
Consider a team of mobile software agents deployed to capture a (possibly hostile) intruder 
in a network. All agents, including the intruder move along the network links; the intruder 
could be arbitrarily fast, and aware of the positions of all the agents. The problem is to 
design the agents' strategy for capturing the intruder. The main efficiency parameter is the 
size of the team. This is an instance of the well known graph-searching problem whose 
many variants have been extensively studied in ... 
This paper presents a new approach called model-carrying code (MCC) for safe execution of 

concise high-level model of its security-relevant behavior. This model helps bridge the gap 
between high-level security policies and low-level binary code, thereby enabling analyses 
which would otherwise be impractical. For instance, users can use a fully automated 
verification procedure to determine if the code ... 

Keywords: mobile code security, policy enforcement, sand-boxing, security policies 
Keith B. Frikken, Mikhail J. Atallah 

October 2003 Proceeding of the ACM workshop on Privacy in the electronic society 

Can protocols make privacy concerns no longer clash with security imperatives, by 
satisfying both? The former seems to preclude the widespread collection and sharing of 
data about individuals and their activities, whereas the latter (especially national security 
and law enforcement) seems to require it. This paper gives a step in the direction of 
satisfying both, by giving protocols that make the data-sharing about individuals and their 
actions conditional on these individuals being already o ... 


Keywords: privacy, security protocols, surveillance 
Vinod Yegneswaran, Paul Barford, Johannes Ullrich 

June 2003 ACM SIGMETRICS Performance Evaluation Review, Proceedings of the 
2003 ACM SIGMETRICS international conference on Measurement and 
modeling of computer systems, Volume 31 Issue 1 

Network intrusions have been a fact of life in the Internet for many years. However, as is 
the case with many other types of Internet-wide phenomena, gaining insight into the global 
characteristics of intrusions is challenging. In this paper we address this problem by 
systematically analyzing a set of firewall logs collected over four months from over 1600 
different networks world wide. The first part of our study is a general analysis focused on 
the issues of distribution, categorization ... 

Keywords: internet performance and monitoring, network security, wide area 
measurement 
November 1999 Proceedings of the 6th ACM conference on Computer and 

a human-memorizable password has received much attention in the literature. The first 
rigorous treatment was provided by Halevi and Krawczyk, who studied off-line password 
guessing attacks in the scenario in which the authentication server possesses a pair of 
private and public keys. In this work we: Show the inadequacy of both the HK formalization 
and protocol in the ... 

8 Protocol scrubbing: network security through transparent flow modification 
David Watson, Matthew Smart, G. Robert Malan, Farnam Jahanian 
April 2004 IEEE/ACM Transactions on Networking (TON), Volume 12 issue 2 

This paper describes the design and implementation of protocol scrubbers. Protocol 
scrubbers are transparent, interposed mechanisms for explicitly removing network scans 
and attacks at various protocol layers. The transport scrubber supports downstream passive 
network-based intrusion detection systems by converting ambiguous network flows into 
well-behaved flows that are unequivocally interpreted by all downstream endpoints. The 
fingerprint scrubber restricts an attacker's ability to determine t ... 

Keywords: intrusion detection, network security, protocol scrubber, stack fingerprinting 
10 LOF: identifying density-based local outliers 

Markus M. Breunig, Hans-Peter Kriegel, Raymond T. Ng, Jorg Sander 

May 2000 ACM SIGMOD Record, Proceedings of the 2000 ACM SIGMOD international 
conference on Management of data, Volume 29 Issue 2 

For many KDD applications, such as detecting criminal activities in E-commerce, finding the 
rare instances or the outliers, can be more interesting than finding the common patterns. 
Existing work in outlier detection regards being an outlier as a binary property. In this 
paper, we contend that for many scenarios, it is more meaningful to assign to each object a 
degree of being an outlier. This degree is called the local outlier factor (LOF) of an object. It 
is local in th ... 

Keywords: database mining, outlier detection 


11 Stalking the wily hacker 
Clifford Stoll 

May 1988 Communications of the ACM, Volume 31 issue 5 

An astronomer-turned-sleuth traces a German trespasser on our military networks, who 
slipped through operating system security holes and browsed through sensitive databases. 
Was it espionage? 
LiWu Chang, Ira S. Moskowitz 

January 1998 Proceedings of the 1998 workshop on New security paradigms 

14 Improving the adaptability of multi-mode systems via program steering 
Lee Lin, Michael D. Ernst 

July 2004 ACM SIGSOFT Software Engineering Notes, Proceedings of the 2004 ACM 
SIGSOFT international symposium on Software testing and analysis, Volume 29 Issue 4 

A multi-mode software system contains several distinct modes of operation and a controller 
for deciding when to switch between modes. Even when developers rigorously test a 
multi-mode system before deployment, they cannot foresee and test for every possible usage 
scenario. As a result, unexpected situations in which the program fails or underperforms 
(for example, by choosing a non-optimal mode) may arise. This research aims to mitigate 
such problems by creating a new mode selector that examines ... 

Keywords: adaptability, mode selection, multi-mode systems, program steering 


15 Enabling trusted software integrity 

Darko Kirovski, Milenko Drinic, Miodrag Potkonjak 

October 2002 Proceedings of the 10th international conference on Architectural 
support for programming languages and operating systems, Volume 37, 30, 36 Issue 10, 5, 5 

Preventing execution of unauthorized software on a given computer plays a pivotal role in 
system security. The key problem is that although a program at the beginning of its 
execution can be verified as authentic, while running, its execution flow can be redirected to 
externally injected malicious code using, for example, a buffer overflow exploit. Existing 
techniques address this problem by trying to detect the intrusion at run-time or by formally 
verifying that the software is not prone to a p ... 


16 Communication over wireless LANs: DOMINO: a system to detect greedy behavior in 
IEEE 802.11 hotspots 

Maxim Raya, Jean-Pierre Hubaux, Imad Aad 

June 2004 Proceedings of the 2nd international conference on Mobile systems, 
applications, and services 

The proliferation of hotspots based on IEEE 802.11 wireless LANs brings the promise of 
seamless Internet access from a large number of public locations. However, as the number 
of users soars, so does the risk of possible misbehavior; to protect themselves, wireless 
ISPs already make use of a number of security mechanisms, and require mobile stations to 
authenticate themselves at the Access Points (APs). However, IEEE 802.11 works properly 
only if the stations also respect the MAC protocol. We sh ... 

Keywords: IEEE 802.11, MAC, WISP, hotspot, misbehavior, wireless LAN 

17 Mobile and Cooperative Systems: Information sharing and security in dynamic 
coalitions 

Charles E. Phillips, T.C. Ting, Steven A. Demurjian 

June 2002 Proceedings of the seventh ACM symposium on Access control models and 
technologies 

Today, information sharing is critical to almost every institution. There is no more critical 
need for information sharing than during an international crisis, when international 
coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, 
natural disaster, combat operations, or terrorist incidents, international coalitions have an 
immediate need for information. These coalitions are formed with international cooperation, 
where each participating country offers whate ... 

Keywords: access control, distributed systems, dynamic coalitions, information security 